ISO 14971 breaks down all aspects of risk management. One of the first steps to take in creating your risk management program is to create a Risk Management Plan. For each medical device manufactured, “the manufacturer shall establish and document a risk management plan in accordance with the risk management process.” (ISO 14971:2007) The Risk Management Plan documentation should be stored in the Risk Management File.
Included in the Risk Management Plan should be the strategy for handling risk. There are four broad categories these strategies can fall in:
- Avoid Risk – this would require you to change your current plans in order to get around the risk
- Control/Mitigate Risk – reduce the impact or the likelihood of the risk occurring through various steps
- Accept Risk – allow the risk to occur, and plan on absorbing any negative impact
- Transfer Risk – any risk, or process associated with the risk, is contracted out to another party to handle
If your company has an effective Risk Management Plan in place, you have the ability to prevent small issues from ballooning into catastrophes. These “catastrophes” could end up costing your company time and money by causing delays in manufacturing, distribution or sale of your products. Your plan should be updated periodically throughout the product lifecycle.
When creating a Risk Management Plan, there are six steps that should be considered:
- Make a list of any potential risks that could be involved – all the way down to the most minute details.
- Create a chart that identifies the various areas of your project/product, as well as the risks.
- Perform a risk assessment to determine how likely the risks are to actually happen.
- Identify who will be responsible for each risk area.
- Monitor the risks.
- Plan appropriate responses to each risk identified.